DETAILED ACTION 
EXAMINER'S AMENDMENT 

An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Mr. Stephen LeBlanc on June 5, 2008. 

The application has been amended as follows: 

In The Claims: 

33. (Canceled). 

In The Specification: 

Please replace the numbered paragraphs with the changes as indicated below. 
[0010] Protecting information systems from various forms of attack has long been of 
concern to practitioners in the field. Some forms of protection are built into operating 
systems, such as user and/or password authentication. Other forms of protection 
include various software and sometimes hardware strategies. A very commonly used 
form of protection is anti-virus software. Inventor Fred Cohen, as early as 1988, 
proposed and implemented an integrity shell, which was a program that ran in an 
operating system kernel space and used a modified execution system call to verify a 
checksum over every program before executing that program. Such a modified system 
call allowed the system to protect against viruses that hid within executable 
components, because the presence of such viruses would change the checksum of 
those executable components. Further information about this work is available at 
http:(/)(/)all(.)net(/)books(/)integ(/)vmodels.html. 

[0011] It is believed to be generally known to modify parts of an operating system, 
including parts of kernel system calls, for various reasons. In some cases, modified 
system calls will preserve original system calls in order to remove modifications or in 
order to run original system calls after the modified portion is run. For example, such 
techniques are discussed in "The Linux Kernel Module Programming Guide" by Ori 
Pomerantz, believed available 1999-05-19 (see 
www(.)tldp(.)org(/)LDP(/)lkmpg(/)node20.html). 

[0012] Various strategies used in computer systems have at times included providing 
some type of misinformation. Some logic modules, for example, are designed to hide 
themselves from various operating system functions, such as process viewing functions, 
and thus can cause functions to provide a list of processes and(/)or files and(/)or users, 
for example, that are not complete. One use of such a strategy is mentioned in the 
context of a program referred to as the Kernel Intrusion System. This program is 
described as a kernel level rootkit that, among other things, makes modifications to the 
kernel to get some privileges, and hides itself from system administrators. Further 
information is available at 
www(.)packetstormsecurity(.)org(/)UNIX(/)penetration(/)rootkits(/)kis-0.9.tar.gz. 
Other References 
Allowable Subject Matter 

The following is an examiner's statement of reasons for allowance: The present 
invention is directed to a method and system for providing deceptions in an operating 
system. Independent claims 1 and 2 recite the uniquely distinct features of "receive a 
logic request at an operating system: determine if a deception should be provided by 
the operating system: if yes, do one or more of: perform a deception action: provide a 
deception response: fulfill said logic request: if no fulfill the request normally". 
Independent claims 3, 20 and 29 recite the uniquely distinct features of "intercepting an 
operating system call: deciding among a set of possible responses to said system call: 
and wherein said set of possible responses comprises granting, refusing to grant, 
falsifying granting or refusing, and modifying execution of said system call". 
Independent claims 15 and 31 recite the uniquely distinct features of "modifying two or 
more system calls to identify entities for deception and/or provide deception functions: 
and providing deceptions from a system call to an entity identified for deception". 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Matthew B. Smithers whose telephone number is (571) 
272-3876. The examiner can normally be reached on Monday-Friday (8:00-4:30) EST. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel L. Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Matthew B Smithers/ 

Primary Examiner, Art Unit 2137 



